(7 months, 1 week ago)
Lords ChamberMy Lords, the eGates software is provided by a fairly small Portuguese company called Vision-Box, under a contract that was signed in 2013 and has been extended to at least 2027. As someone who spends most of his life working in software mergers and acquisitions, I can say that it would be pretty normal, when a key contract such as this is entered into with a smaller supplier, that a change of control clause would be included in the contract, allowing the customer—the Government in this case—to obtain safeguards about future performance before any takeover of the company is completed.
Vision-Box was taken over in April by a very large Spanish group called Amadeus. Was there a change of control clause in the contract? Were suitable undertakings obtained from Amadeus before Vision-Box was acquired? Can the Minister confirm that the outage was not related to changes made by Amadeus as a result of the takeover? Looking forward, I understand that the Vision-Box software is currently based on Windows 10, which will no longer be supported beyond 2025—so is the Minister confident that Amadeus is committed to a suitable upgrade path?
I will address the last points first. As I said, it was not a software issue that caused this particular outage, so I can deal with that relatively straightforwardly. As regards government contracts, as the noble Lord will be aware, I think they are all published on GOV.UK. I am not sure if this one was or if I am wrong there, but I will check and find out and come back as required.
Yes, I will also check on that.
I did not know about the Amadeus takeover of this particular Portuguese company, but I will make further inquiries and, if there is more to be said, I will write to the noble Lord.
(1 year, 5 months ago)
Lords ChamberMy Lords, I will briefly add my support to the amendments proposed by the noble and learned Lord, Lord Garnier, which try to strengthen the failure to prevent clauses the Government have proposed. I welcome those clauses and the changes the Government have added at this stage. In particular, I strongly support Amendment 110, to which I have added my name, which removes the restriction of this offence to large companies.
Let us be clear what this failure to prevent offence deals with. It does not cover, for example, the use of a company’s services by fraudsters, something I greatly regret. I am sure that—along with, I hope, the noble Baroness, Lady Morgan—we will come back to this in another Bill. It actually applies only to situations where somebody associated with the company, such as an employee, commits a fraud that is intended to benefit the company. Let me emphasise that: it applies only to frauds carried out by associates such as employees or agents, and only where those frauds are effectively committed on behalf of the company. It is pretty restricted.
When I was in business, frankly, it never occurred to me that such situations were not already caught by the law. Surely, it must be a fundamental principle that a company should take reasonable steps to prevent its employees committing fraud on its behalf. But the Government seem to take a different view. Having been dragged somewhat reluctantly into putting forward their own amendments to create this offence of failure to prevent, they have decided it should apply only to larger companies. As we have heard, they have set the threshold so that less than 1% will be covered.
The argument, as we have heard, is that the cost would be disproportionate. The Government have come up with some costings to support this. I am afraid I do not think I am the only person who simply does not find those costings credible. Any reputable company should, and I believe generally will, be doing this already. There are some things we should ensure that companies do anyway. A good example is that companies must ensure that health and safety rules are followed. It is not an excuse to say, “It wasn’t me; an employee caused the accident”. Nor is it an excuse to say, “My company is too small to follow health and safety rules”. We do not give small companies an exemption from health and safety, tax evasion or bribery legislation. Why would we do so, uniquely, for fraud—committed on the company’s behalf?
If the Government are genuinely worried about the cost, they can deal with that easily enough by issuing timely guidance that sets out what steps would be reasonable and the circumstances in which no additional procedures would be required, which is likely to be the case for most small enterprises. Amendment 125D makes some sensible suggestions in that regard.
(1 year, 7 months ago)
Lords ChamberThe noble Baroness will be aware that a number of ongoing reviews on matters such as dismissals are due to conclude very shortly. She makes some very good points about victims, and we are committed to delivering justice for victims and putting some of the vile offenders referred to behind bars for longer, but there is obviously still a long way to go. We have previously discussed at the Dispatch Box some of the factors the noble Baroness mentioned and, while I will not go into them in detail again, I note that programmes such as Operation Soteria are delivering meaningful results.
The noble Lord was quite right in saying that I was going to mention fraud. The Statement says that crime is falling, excluding fraud. Fraud remains a substantial growth industry and now accounts for over 40% of all crime against the individual. The noble Lord agreed last week that the current level of law enforcement resources aimed at it is insufficient. He skilfully shot my fox earlier by referring to the national fraud strategy that is to be issued this week, which is an improvement on “imminently” and “shortly”. How many of these 20,591 officers who have been recruited have specialist fraud skills?
The noble Lord asks a question which I cannot answer at the moment. I will endeavour to find out those statistics and I would hope that some of those questions about resourcing will be dealt with on publication of the strategy this week. As regards the overall uplift, as I said earlier, 91% of the new intake, as it were, are involved in frontline policing.
(1 year, 7 months ago)
Grand CommitteeMy Lords, first, I congratulate the Government on bringing forward an amendment—it is at least a start. My noble friend the Minister said that he enjoys a lively debate and was looking forward to another one today, so I do not want to disappoint him. I speak as an SME; cut me in half, and that is what I am, and have been all my life. Indeed, my interest in SMEs long predates my noble and learned friend Lord Garnier’s interest in bribery, as I set up my first business in 1978.
My point is that I absolutely understand how SMEs think, so it is not credible to say, “Oh, we must protect them”. For a start, the way in which the categories are set excludes probably 90% of businesses in this country. I cannot work it out exactly, but it is the vast majority of commercial activity, so that makes a nonsense, frankly, of what is being suggested. On the fair application of law, to respond to my noble and learned friend Lord Garnier, a 5 foot 3 inch burglar can do just as much damage as a 6 foot 6 one. There is no logic to that—and I speak not as a lawyer but as a simple businessman.
More profoundly, unless we bring about this culture change, we are not going to get the SME community to think about fraud. If you are a victim of fraud and have the mechanisms in place to detect it because of other people doing it to you, you are far less likely to have it committed against you. All we are doing is creating an artificial bubble for people who are victims. I keep banging on about this figure, but 40% of crime in this country is now economic crime, of which fraud is a large part. So as for the idea that we are protecting SMEs in any way—we are not.
Perhaps the most important element is the professional enabler—the accountant and solicitor. We heard from the noble and learned Lord, Lord Thomas, the other day that the behaviour of the legal profession is not perhaps as pristine as it was 20 years ago. If it can take short cuts because someone looks like a juicy client, then the temptation exists. Only 100 of the 10,000 law firms in this country would have to comply with this carve-out—so that is nonsense, too. Then we come to public procurement. I was procurement Minister, and we have had a great success in government in the last few years, doubling the amount of money going from public procurement to SMEs from £20 billion to nearly £40 billion. If this provision comes in, it will have a kind of freezing effect on government. I know what officials are like—they are very cautious people and, if they feel they are taking a risk by contracting with SMEs because they, in turn, are not doing proper fraud checks, it will be another reason not to use them. So there is that perverse impact.
If we go a bit further, large corporations will find ways round this. They can create separate subsidiaries and they can use all the things we have been talking about, such as different ownership in different jurisdictions, so this will not solve the problem. The point has also been made about inconsistency: bribery has not had a carve-out for SMEs, so why should this? I ask my noble friend to put a cold towel round his head and those of his officials and come up with a credible explanation.
My Lords, I, too, welcome the government amendment. It is a step in the right direction, but I think the Minister will hear fairly similar arguments from all of us as to why it does not go far enough—I will be doing the same thing. In simple terms, the offence that the amendment creates is that the company becomes liable if an employee of the company commits a fraud offence with the intention to benefit the company. I am struggling to understand why, if the employee of a smaller company with, say 25 or even 200 employees, commits fraud intended to benefit the company, that company should not be guilty.
At the risk of introducing a new question at this point in the debate, which I am quite pleased to be able to do, I do not understand how this works for groups of companies. Are the numbers calculated on the basis of consolidated figures or, as the noble Lord, Lord Agnew, suggested, could you just create a subsidiary specifically for the purpose of carrying out the fraud? If it is not on a consolidated basis, it cannot make sense at all.
I have worked for both large and small companies in my career and the reality is that it is much more likely that the directors of a small company will know what their employees are up to than those with a big company. They do not necessarily need burdensome processes to know what has happened. They are in the same office, they are walking the same floor and they are hearing the phone calls. In any event, it should be the responsibility of any company to have in place reasonable procedures to ensure that its employees do not commit fraud on its behalf. Frankly, that should be a basic minimum to be allowed to be in business. Because of the defences that are included, all that is required is to have in place
“such prevention procedures as it was reasonable in all the circumstances to expect”,
or to have no such procedures in place if that would be reasonable. Whether those procedures are considered reasonable in all the circumstances will be driven in part by the size and activity of the company. The Government have also given themselves power to provide guidance as do what would be reasonable and they could easily tailor that for smaller companies, so we really do not need to remove them from scope. In the absence of compelling reasons from the Minister, I would be minded to support the amendments of the noble Lord, Lord Fox.
The other element that seems to be missing from the government amendment is any personal liability of the company management. Without this, those who turn a blind eye to fraud can hide behind the limited liability of the company. If someone has been involved in the decision-making process that led to the failure to take reasonable steps to prevent fraud from being carried out on behalf of the company, they should personally be on the hook. Personal liability concentrates minds wonderfully. Finally, as we have heard, the amendment does not deal with the identity doctrine, which the amendment of the noble and learned Lord, Lord Garnier, tries to. Again, why not?
At Second Reading, the Minister, the noble Lord, Lord Johnson, said that this Bill
“will bear down even further on kleptocrats, criminals and terrorists who abuse our open economy, and it will strengthen the UK’s reputation as a place where legitimate business can thrive, while ensuring that dirty money has no place to hide … The Bill will ensure that law enforcement and the private sector have the tools needed to help tackle economic crime, including fraud and money laundering”.—[Official Report, 8/2/23; col. 1250.]
As currently drafted, it does not achieve those aims. The UK, sadly, does not have a reputation as a place where
“dirty money has no place to hide”—
depressingly, the opposite is true. If we want to make a real difference and repair our damaged reputation, we must take genuinely robust steps.
Throughout our debates in Committee, the Government have resisted a whole range of sensible suggestions that would strengthen our fight against economic crime. Here we are again, with a set of amendments from the Government that are just too weak. The suggestions of the noble Lord, Lord Fox, the noble and learned Lord, Lord Garnier, and others would not create a disproportionate burden on businesses but would strengthen our reputation. I am becoming baffled and rather depressed by the Government’s continued reluctance to take genuinely strong action to reduce the levels of economic crime and, without genuinely compelling reasons from the Minister, I will support the noble Lords’ amendments. We have heard many times in our debates that this is a once in a decade opportunity to tackle this. We really have to take it.
My Lords, I thank all noble Lords—too numerous to mention—who have participated in this debate, and I shall try to address all the points put to me, but I apologise if I do not name everybody individually.
I feel I should declare an interest: I have owned and been a director of small businesses, not all of them successful—like my noble friend, Lord Leigh—and to my noble and learned friend Lord Garnier, I declare an interest as a tall man.
I will start with the amendments linked specifically to failure to prevent offences. I welcome the broad support today for the government amendments, which would, I emphasise, cover all sectors, and that includes telecoms companies. I hope that they deliver most of what the other amendments intend. However, I have noted that concerns remain. Obviously, I listened to the debate very carefully, including on the scope and reach of the new offence.
Before I turn specifically to the amendments, I reassure my noble friend Lady Morgan that the fraud strategy really is imminent. She is absolutely right: I am really keen to see it. I say to my noble friend Lord Leigh that his point about accounting principles was very interesting, but the design of the definition of large companies comes from the Companies Act 2006.
I note the wider offence lists put forward in Amendments 96, 97, 98 and 99, tabled in the names of my noble and learned friend, Lord Garnier, my noble friend Lord Agnew, the noble Lord, Lord Faulks, and the noble Baroness, Lady Bennett of Manor Castle. In particular, noble Lords seek to ensure that money laundering is covered by the new failure to prevent offence. The Government have consulted with law enforcement and prosecutors, and we are satisfied that all the priority offences have been included.
We have carefully examined the wider offence list and determined that they are not appropriate to include because they would duplicate existing regimes, cause repetition with other existing offences, are too broad or relate to preparatory offences. It is also worth noting that the Law Commission report published in June 2022 agrees with this. It highlighted that Part 2 of Schedule 17 to the Crime and Courts Act 2013, as Amendment 98 suggests, while a good starting point for considerations, would be too broad.
I turn to the proposed failure to prevent money laundering offence, as in Amendment 99, tabled by my noble and learned friend Lord Garnier. The UK already has a strong anti-money laundering regime which requires regulated sectors to implement a comprehensive set of measures to prevent money laundering. Corporations and individuals can face serious civil and criminal penalties if they fail to do so.
A failure to prevent money laundering offence would duplicate the systems, controls and penalties of the existing regime. Furthermore, it would extend anti-money laundering obligations to organisations with very low risk, which would be disproportionate. Any necessary anti-money laundering measures can be implemented through the existing regime. The Law Commission agreed with this point, noting that any offences to cover breaches of money laundering would create additional positive duties on organisations which would overlap with the duties under the anti-money laundering regime.
The Government’s review of the UK’s anti-money laundering regime, published in June 2022, concluded that existing regulatory requirements allow for businesses to take a risk-based approach to their obligations, meaning their compliance activities can be targeted at areas of highest risk of money laundering and terrorist financing. The review also committed the Government to further analysis and public consultation to identify the best path for reform of the anti-money laundering supervisory regime. Further improvements to the UK’s anti-money laundering framework are therefore best targeted by strengthening and improving the existing regime, rather than by the creation of a new parallel regime. The Government have already committed to undertake further consultation on the anti-money laundering supervisory regime and continue to review the anti-money laundering framework.
Amendment 99 in the name of my noble and learned friend Lord Garnier also proposes a failure to prevent sanctions evasion offence. The UK can already impose a range of criminal and civil penalties against corporations and individuals for breaches of UK sanctions. Powers were strengthened last year when we moved civil penalties for financial sanctions on to a strict liability basis. Introducing a failure to prevent offence would duplicate the existing regime. On the scope of the offences, government Amendment 84B contains a power in secondary legislation to update the list when required.
I turn to Amendments 84AA, 84CA, 84CB and 84CC, on the threshold for the new offence, tabled by the noble Lord, Lord Fox. I thank him for talking me through his concerns last week and I note that most other noble Lords have supported its intention. I will endeavour to set out the Government’s position on this. Our analysis shows that small businesses would be disproportionately affected by the costs of complying with a failure to prevent fraud offence. The total cost to small and medium-sized enterprises would amount to billions of pounds in year one and hundreds of millions in each subsequent year. This would significantly increase the cost of the measure, which is £98.5 million per annum with the threshold included. An affirmative power—
If the Government have done some analysis on that, could they share it with us? That would be very helpful.
I am happy to investigate whether that is possible. If it is, I will do so.
An affirmative power to add a threshold in future, as proposed by the noble Lord’s amendments, would have limited impact on this burden, with the highest costs already borne should the offence apply to smaller organisations in year one. It is also important that we consider the cumulative compliance cost for SMEs across multiple government regulations, rather than seeing these fraud measures in isolation. Excluding SMEs from the new offence does not mean they can get away with fraud; powers already exist to prosecute small companies, their owners and their employees for criminal acts. It is currently easier to hold these companies to account than larger organisations with complex structures.
The Government’s proposed failure to prevent fraud offence will strengthen powers to tackle fraud by large organisations, ensuring that companies with the biggest customer bases which risk causing the most harm take extra steps to prevent fraud.
We will keep the threshold under review and can amend it through secondary legislation, if required. I know that some noble Lords argue that this power should be used the other way. However, given the potentially chilling impact on small businesses, I hope that noble Lords will agree that it is better to understand the impact on large companies once the measures are implemented, as my noble friend Lord Leigh has highlighted—as well as any trickle-down effect on smaller companies—before applying it more widely. The regulation-making power in the Government’s Amendment 84C enables this approach. The Government therefore firmly consider that the proposed failure to prevent fraud offence strikes an appropriate balance between the crime prevention benefits and the burden placed on business.
We will come on to this in more detail on a later group. Perhaps we should leave the detail of this debate until the third group, which we will get to at some point.
The Minister referred earlier to questions about groups of companies and the fact that an employee of a subsidiary would still be an associate of a holding company. That does not address the question that I was asking. Are the thresholds in Amendment 84C on an individual entity basis or a consolidated basis? There is a big difference between the two. A group could happily have a small subsidiary and say, “An employee of that did it, so we are off the hook”.
I appreciate the point that the noble Lord was making and apologise for not addressing it more directly. I will refrain from answering that now and will write. I think I know how it is done, but I am not an accountant and I do not want to say something that he will pick apart. If he will indulge me, I will write on that subject with greater clarity to make sure that I am not making a mistake.
I thank all noble Lords for their participation in this debate and for their patience as I have taken them through a fairly long speech on the Government’s positions on these issues. We agree that reform is needed and, as we have made clear, the Government’s amendments represent a major step in delivering it. I hope that further explanation has reassured noble Lords on why we have presented the amendments with the scope and reach that they contain, and that the Government are committed to reform of the identification doctrine. I therefore very much hope that noble Lords will support the government amendments and not seek to move their own.
My Lords, it is a pleasure to follow the noble Baroness, Lady Morgan, who so ably chaired the Fraud Act 2006 and Digital Fraud Committee of which I was also a member. She has given a lot of detail, so I will try to slash out bits of my speech that she has already covered and not repeat too much—I apologise if I fail slightly in that.
I think that we all know about the scale of fraud in this country. However, I think it is worth repeating what the noble Baroness, Lady Morgan, said about the impact that fraud has on the victims. This is not just a financial crime and “Oh, I’ve lost some money”. We heard stories about mental health issues, even suicide, arising from frauds. It is a really serious matter. Losing your life savings is serious but it goes way beyond that.
Yet we do not seem to have taken much action. We have heard several times about the 1% of law enforcement resources that are focused on it. The government response has been fragmented—we refer in our report to an “alphabet soup” of bodies dealing with it. Our report referred to this creating
“a permissive culture across Government and law enforcement agencies towards fraud and the criminals who perpetrate it”.
At the risk of sounding like a stuck record, we have been waiting for months for the national fraud strategy—I think I detect that the Minister is as frustrated as we are about the delay. I am pleased that it has moved from “shortly”, as he said on 15 November last year, to “genuinely imminent” today. We look forward to it. However, the delay does not inspire huge confidence in how seriously the Government are taking this.
The noble Baroness, Lady Morgan, described what we called the “fraud chain” in our report. It is sometimes known as the “kill chain”; we decided that that was not a particularly pleasant phrase, but it again conveys the seriousness of it. Some parts of the chain are, at last, taking action. In particular, the banking sector has taken a number of actions that have had a positive impact; the introduction of the confirmation of payee process is a good example. But why has that sector in particular taken action? I would argue it is because it has had, almost alone in the chain, a real financial incentive to do so with the voluntary reimbursement code. It has been on the hook for paying back and reimbursing, therefore it is trying to do something to stop it. The voluntary code is now becoming mandatory under the Financial Services and Markets Bill, which is welcome.
It is also interesting to see, in the financial services and banking area, some competitive elements creeping in. The TSB uses the fact that it now reimburses all APP fraud losses as a selling point, which is encouraging. On the other hand, those banks that did not sign up to the voluntary reimbursement code are often cited as being more likely to see greater fraud levels on their customers; with less incentive to take action, they have taken less action. Making the code mandatory will, I hope, force them to start to do so.
We have heard about the other players in the fraud chain, those who make it possible for the fraudster to carry out the fraud—the enablers, if you like. They have no such incentive to act at the moment and, as a result, they have not acted, or not in any meaningful way. These enablers are players such as social media companies, search engines, online dating companies, the telecoms industry, website hosting companies, email platforms, ISPs, online gaming platforms, intermediary platforms and those selling bulk SIM cards or SIM farms, which the fraudsters use—and many more. I am sure that, as this area moves and changes, as it does very rapidly, we will see fraudsters constantly jumping into new areas and doing new things. They will react; there will be plenty more that we have not thought about.
From speaking to a major UK fintech, I know that around half the frauds it sees start from platforms operated by Meta, and more than half arise on just four platforms. In a debate on protecting vulnerable people from fraud on 2 December 2021, the noble Baroness, Lady Williams of Trafford, answering for the Government, said:
“As for discussions with Facebook, I have lost count of the number of discussions that I have had. One thing that we said way back in the day was, ‘Look, if you don’t sort some of these problems out, we’re going to legislate to sort them out’—and this is where we are now”.—[Official Report, 2/12/21; col. 316GC.]
A year and half later, we are still there.
As we have heard, we were particularly unimpressed with the telecoms industry, which was at best depressingly complacent. Who in this Room has not received a fraudulent SMS message or phone call appearing to come from a UK number such as HMRC or Royal Mail? I guarantee that nobody in this Room has not. To be fair, some telecoms companies are now taking action. EE, for example, flags suspicious calls, which proves that it can be done. But most have not taken action. They are paid for all these calls and texts, as the noble Lord, Lord Sandhurst, has said but, because there is no come-back on them at all, they have taken little or no action to stop them. I have not been able to find reliable data as to what proportion of scams originate from telecoms companies; rough data seems to indicate that it is somewhere around 20% to 25%.
Amendment 94 aims to create an incentive for all players in the fraud chain to take action. Effectively, it creates an offence of failing to take reasonable steps to prevent the use of a company’s services for the purpose of committing fraud—by a third party; it does not have to be related to the company. The amendment is deliberately scoped widely, rather than industry by industry; it tries to make it so that anyone providing a service that could reasonably be expected to be used by fraudsters should have to take reasonable steps to detect and prevent that use. That does not seem particularly extreme. It creates a defence that the company had in place such procedures as it was reasonable, in all the circumstances, to expect to detect and prevent the use of its services for the purposes of committing fraud, or that it could not reasonably have known that they were being used for such purposes.
When we get to the discussion that we will no doubt have about this being disproportionate, I will disagree. Any court is going to look at a small company, and that is one of all the circumstances that it will take into account when deciding what would be reasonable for detecting and preventing fraud. It cannot be too much to ask that companies should have to put reasonable procedures in place. I think that it is a pretty low bar, but I am sure that we would all be very happy to discuss how the amendment might be tweaked or changed to ensure that it does not have a disproportionate impact on businesses. But it would be good to hear whether, first, the Minister agrees that there is genuinely a problem in this area and, secondly, whether he agrees conceptually that creating a real incentive for companies to take more care to ensure that their services are not being used by criminals is necessary.
The Online Safety Bill goes some way to achieving this in some respects—and I thank the Minister for arranging for me to meet officials yesterday, who were extremely helpful in getting me up to speed on what that Bill does. It does that especially in relation to fraudulent advertising, and that is very welcome, but it does not cover all the enabling industries, even the ones we know about now, let alone those in future. It does not cover telecoms, email providers or web-hosting companies, for example, and is more focused on the large players. It also does not cover all the activities. Previously I mentioned people selling SIM farms or other tools used by fraudsters. They would not be caught by it. It will not catch the SMS with a link to a fake Royal Mail site, for example.
What worries me is that the approach of using lots of different pieces of legislation to deal with this problem, such as the Online Safety Bill and the others that the noble Baroness, Lady Morgan, mentioned, leaves us in danger of creating a piecemeal approach, mirroring the alphabet soup of responsible bodies that I mentioned. This amendment would create an overarching obligation on any business to take reasonable steps to prevent the use of its services by fraudsters, whether on or offline.
Amendment 91, in the name of Baroness Bowles, attacks the problem from the point of view of regulators, conferring a duty on them, or giving them the option, to create a duty to prevent or facilitate crime regulation. It names a number of regulators, including Ofcom in respect of telecoms and other communications platforms. It mentions the ICAEW, so I should remind the Committee of my interest as a member of that body—I keep doing that, I am very boring. Personally, I think these two amendments would actually work quite well together. If Ofcom, for example, set out a code of conduct for telecoms companies to follow, that could work as the defence mentioned in Amendment 94.
However we do it, we must incentivise all enablers in the fraud chain to do the right thing. There is an excellent opportunity in this Bill to do it now. Further delay will lead to countless more innocent people losing their savings and being traumatised. I very much hope the Minister will be willing to approach this constructively, even if he does not like some of the specifics in the amendments. I support the noble Baroness’s suggestion about the analysis of how all these Bills work together, which would be very helpful.
My Lords, it is a pleasure to follow the noble Lord, Lord, Lord Vaux, and everyone who has contributed to this crucial debate. I feel I should begin with an apology for not taking part in the debate on the failure to prevent in the first group, but that is because I was in the debate on the Online Safety Bill, with an amendment to which I had attached my name. It is a grave pity that we are debating two such important and closely linked Bills on a Thursday, with the pressures that is putting on your Lordships’ House, but in this group we have seen that we are overcoming those challenges and doing a great job of scrutiny, as we should be doing.
I will be quite brief and again try not to go over any of the same ground as others, but something that struck me when I looked at the Online Safety Bill was that action against fraud and other crime was utterly missing from it. In fact, I considered tabling amendments, but the drafting job was, frankly, beyond the capabilities available to me. The way it has worked out fits very well with this Bill and draws on the capacity of people involved with this Bill, whereas the other Bill has been taken in a somewhat different direction. It is worth noting that this is a safety issue—the noble Baroness, Lady Morgan, and the noble Lord, Lord Vaux, referred to this. The noble Baroness said that it does not only affect older people, but it is worth noting that it is particularly an issue for them. If you are hit by a fraud when working in a system that you already found challenging and difficult to engage with, you lose confidence in your ability to operate in the world. We have a loneliness epidemic, with many people struggling to survive, with the Government stressing digital first, digital first. The impact on older people in particular is an earthquake through their lives, and that needs to be noted.
Lots of people talked about the scale of that problem, but I do not think anyone has mentioned that UK Finance, the trade association for the UK banking and financial sectors, said that financial fraud is now a national security threat. That ties in with the earlier amendment of the noble Lord, Lord Alton. In the first half of 2021, more than £750 million was stolen, and that was a 30% increase on the same period from the previous year, so we are looking at something that is escalating and absolutely demands action.
My Lords, I thank the noble Baroness, Lady Bowles of Berkhamsted, and my noble friend Lady Morgan of Cotes for their amendments on failure to prevent economic crime, and all noble Lords who have spoken in this debate.
I hope that my comments during our debate earlier today will have provided some reassurance on the Government’s ambitions to take action in this area, including the introduction of a new offence of failure to prevent fraud. These amendments obviously cover some of the same ground so I will seek not to repeat myself too much on issues such as the scope and threshold of the Government’s amendments but to focus more on what I understand to be the wider thrust of Amendments 91 and 94.
Before I get on to that, I reassure the noble Lord, Lord Vaux, that the fraud strategy is a couple of hours closer. I remind noble Lords that there is an all-Peers drop-in session on 9 May to discuss the three Bills that are currently under way through Parliament: this Bill, the Online Safety Bill and the Financial Services and Markets Bill. That will bring some of the discussions together, as suggested by my noble friend Lady Morgan. I refute the allegation that the Government are not doing very much. Those three Bills themselves prove that we are indeed intent on fixing many or all of the problems that have been identified—the Government of course take these problems seriously.
I turn to the amendments in this group. The Government’s offence does not extend to services that facilitate fraud—that is, companies whose services are misused by third parties to carry out fraud. Examples include social media and telecoms companies whose services are used to promote fraudulent schemes, as has been pointed out, and banks and crypto exchanges, which fraudsters use to process the payments. If these companies or their employees commit fraud, they will be in scope, but not where their services are misused by others.
The Government agree that companies that facilitate fraud, even if they are not complicit in the offending, must do more to prevent and detect it. In doing so, they can protect their customers and the wider public from fraud, which, as has been discussed at length, causes significant damage to wider society and individuals —we must not forget them. However, we intend for this to be achieved by seeing through existing plans for regulatory and voluntary activity, rather than by creating a new offence which risks duplicating those existing approaches.
Amendment 91, tabled by the noble Baroness, Lady Bowles of Berkhamsted, proposes a regulatory duty to prevent economic crime, enforced by regulators. In relation to organisations that commit fraud, we can achieve a similar effect that incentivises organisations to put fraud controls in place through the Government’s approach: an offence enforced by law enforcement. Our approach allows all sectors to be in scope, not just regulated bodies, and is less resource-intensive for business and the public sector than establishing new regulatory approaches. In relation to the facilitation of fraud, I reassure the noble Baroness, Lady Bowles, that action is already under way to tackle this. I will address some of the sectors mentioned in today’s debate and Amendment 91, which I hope will provide some further reassurance.
The Online Safety Bill will require all in-scope tech companies, including social media companies, to take action to tackle fraud where it is facilitated through user-generated content or via search results. They must put in place systems and processes to prevent users encountering fraudulent content through their platforms and to swiftly remove any such content available through their platform. Without wishing to single out any particular company for attention, I reassure my noble friend Lady Morgan that Airbnb, which she referenced, would of course be in scope.
Additionally, there will be a duty on the largest social media and search engines requiring them to prevent fraudulent adverts appearing on their services. The Bill gives Ofcom, as regulator, robust enforcement powers, allowing it to impose significant financial penalties on services that do not fulfil its duties. Ofcom will publish codes of practice to set out further details on what platforms must do to meet their duties under the Online Safety Bill.
The “failure to prevent” offence operates in a similar way to the Online Safety Bill, by setting out reasonable steps to be taken, with the ability to fine companies that fail to fulfil their duties. Expanding the “failure to prevent fraud” offence in the ECCT Bill to cover facilitation of fraud would create duplication for tech companies, which would have to follow two parallel regimes in relation to facilitation of fraud, potentially creating confusion for businesses.
Noble Lords also raised the role of telecoms companies, including the content of messages passed over their networks. The telecoms industry is already extensively regulated by Ofcom, which is active in encouraging the industry to tackle scam calls and texts, including through regulation and guidance. This includes new measures that will take effect shortly to tackle the spoofing or disguising of UK telephone numbers from overseas. As it should be, the telecoms industry has been an active partner in the fight against scams, with broadband and mobile providers signing up to the Home Office’s Telecommunications Fraud Sector Charter and committing to work with the Government to reduce the use of their networks by criminals.
However, it is important to recognise that telecoms operators are not able to view the content of messages passing over their networks. While they employ sophisticated algorithms to identify and block hundreds of millions of fraudulent or scam messages and calls, the rapid evolution of threats creates challenges to pre-emptive action. This means that a facilitation offence could potentially have a disproportionate effect on the industry and the operation of telecommunications in the UK.
Amendment 91 also references the Financial Conduct Authority. The FCA is working closely with banks and other financial institutions to reduce the role they play in facilitating fraud and to identify further controls that can be put in place to protect the public from scams. In addition, the Payment Systems Regulator is introducing new requirements for financial institutions to reimburse fraud victims, which will create strong incentives to improve fraud controls, as noted by the noble Lord, Lord Vaux.
In respect of the Solicitors Regulation Authority, noble Lords will be aware from Tuesday’s debate that Clause 183 of the Bill already inserts a regulatory objective in the Legal Services Act 2007, focusing on promoting the prevention and detection of economic crime. This measure affirms the duties of the regulators, the Legal Services Board and the regulated communities to uphold the economic crime agenda.
The noble Lord, Lord Vaux, also referenced the Institute of Chartered Accountants in England and Wales. Amendment 91 also references that organisation and other relevant regulators of accountants. As I said, I am aware that several noble Lords have declared their association with that organisation.
As noble Lords will be aware, ICAEW is a professional and supervisory body for chartered accountants. Its work in areas regulated by law—for example, audit, anti-money laundering, local audit, investment business, insolvency and probate—is monitored by oversight bodies such as the Insolvency Service, the FCA, the Office for Professional Body Anti-Money Laundering Supervision, the Civil Aviation Authority and the Legal Services Board. ICAEW has been proactive in the industry fight against fraud, leading the sector in negotiating and delivering the Accountancy Fraud Sector Charter, published in 2021, and is an active member of the counter-fraud community, contributing to all levels of governance across the threat landscape. It is a co-signatory to the Economic Crime Plan and associated actions.
As I set out in our earlier debate, the offence introduced via the Government’s amendments covers fraud and false accounting, while keeping money-laundering responsibilities contained under the existing regulatory regime. That ensures that the offence is targeted, focused on offences most likely to be committed by corporations and where prevention can have the most impact and not duplicative of existing regimes.
I note the wider offence lists put forward under the noble Baroness’s amendment, but—as we debated at length earlier today—we are satisfied through discussions with law enforcement and prosecutors that all the priority offences have been included. There is a power in secondary legislation to update the list when required. We have also touched on the issue of the threshold in the government amendment that means it applies—at least initially—only to large organisations. As I set out earlier, this is to avoid disproportionate burdens on small and medium-sized enterprises and ensure our economy encourages people to open and grow businesses. Of course, we encourage small organisations to take steps to prevent fraud and there are, as I mentioned in an earlier group, existing powers to prosecute small organisations and their employees if they commit fraud, but we need to keep the total regulatory burden in check.
There have been cross-party calls for the Government’s failure to prevent fraud offence both in this House and in the other place, as well as across civil society. The Government have listened and introduced amendments. In addition to the legislative measures proposed, the Government continue to work closely with regulators and wider sectors to tackle fraud and set out the actions expected of industry. I am afraid that the Government therefore view these amendments as duplicative of measures already being taken forward—
I am a little confused, because we seem to be talking now about the previous amendments, where an associate of the body commits fraud with the intention to benefit the body, which is a very different thing to the amendments we are looking at at the moment. The situations we have been talking about—the scams, and so on—would not, as I think we established fairly clearly in debate on the first group, be covered by that. Will the Minister please address the issue of scams and what these amendments are trying to address, rather than the rather different offence that was created by the first group of amendments?
My Lords, I think I have already addressed that a little earlier when I was talking about the various codes that we are asking telecoms companies to sign up to via Ofcom. I am wrapping up now, so I am bringing it all together—or attempting to.
The Government therefore view these amendments as duplicative of measures already being taken forward and not achieving their intentions. I of course commit to read page 22, in answer to my noble friend, but I ask the noble Baroness, Lady Bowles, and my noble friend Lady Morgan not to press their amendments.
(1 year, 7 months ago)
Lords ChamberMy Lords, the noble Baroness will be aware that the publication of the new fraud strategy is imminent. As I referred to in my earlier Answer, the second iteration of the anti-corruption strategy is also being worked through at this moment. There will be a lot more to say on that in the very near future.
My Lords, may I push the Minister on resources, as 41% of all crime against the individual is fraud and 1% of law enforcement resources are applied to it? Is that really sufficient?
When put in numbers like that, no. However, as I have just said, the fraud strategy is due to be published next week. That is a multiagency approach to tackling fraud. It will be outlined in considerable detail.
(1 year, 9 months ago)
Lords ChamberI am afraid that this question, too, is an awfully long way from the Private Notice Question in relation to the action taken in the Passport Office. As to forms of identity for voting in person at polling stations, if the noble Baroness wishes to put a Question about postal voting, she can put it to the relevant Minister in DLUHC.
My Lords, like many in this House, I am registered to vote in two places. I have had no information from either local authority about the need for voter ID yet. It is only a number of weeks before the election; at what point are people going to be informed by local authorities of both the need for voter ID and the ability to apply for a local authority voting card?
The noble Lord is perhaps fortunate in that I received notice last week, together with my council tax bill for the coming year. I understand that that is fairly wide practice.
(2 years, 1 month ago)
Lords ChamberAs I have already said, the National Audit Office report is going to inform the new fraud strategy. I reassure noble Lords that this is taken incredibly seriously. Alongside the fraud strategy that is due to be published shortly, we are providing more than £10 million to the City of London Police to upgrade Action Fraud, which has come under some criticism in the past. Next year, a new user-friendly and accessible reporting tool and website will be launched, offering an improved experience for victims and simpler pathways to access further support and guidance. Overall, £400 million is being allocated to economic crime, of which £100 million is being spent on the prevention of fraud.
My Lords, I have been privileged to be a member of your Lordships’ Fraud Act 2006 and Digital Fraud Committee which reported on Friday. I commend the report to the Minister and hope he has read it. One of the findings, which I think surprised all of us, is that it is not in fact the elderly who are most at risk from fraud but young people, who are also at risk of becoming money-laundering mules. Will the Government consider strengthening financial education for primary and secondary school children to equip them with the tools they need to stop being victims?
The noble Lord is quite right: in the year to March 2022 people aged over 75 were less likely to be a victim of fraud than those aged between 16 and 74. He makes an extremely good point and I will take it back to the Department for Education.
(3 years ago)
Grand CommitteeI congratulate the noble Lord, Lord Sharkey, on securing this short debate on what is becoming an increasingly serious problem, as he so eloquently set out. I at last detect that the Government are starting to take it more seriously, and that is greatly to be welcomed, but we have a very long way to go.
This debate is about protecting vulnerable people from fraud, but I make a similar point to the noble Lord, Lord Davies. The reality is that we are all at risk from fraud. The impact of fraud is not only financial; it can leave people feeling stupid, ashamed and under attack, as they are continuously bombarded with emails, calls and texts, leading to serious anxiety and depression. That can be especially true of people who are more sophisticated; they can feel particularly stupid, which is unfair, and may not report it because of that feeling of shame. A large proportion of fraud is not reported. Nobody should feel shame about having been scammed; fraudsters are very clever at finding vulnerabilities.
Why is it so easy for fraudsters? I think the simple truth is that there is a whole range of parties who facilitate it, and who have no incentive to prevent it. Here are just a few examples. We have already heard about social media and other tech giants, which are paid by fraudsters to advertise fake investment or pension deals, as well as providing the platforms that allow fraudsters to contact and groom potential victims. The obvious question for the Minister is why the Government have agreed to include user-generated fraud in the online safety Bill but not frauds where the companies have actually been paid by the fraudsters. I read just this morning that the Prime Minister has said that the Bill will force the tech giants to remove adverts that promote people smuggling. If we can do that, why on earth can we not also force them to remove fraudulent investment adverts? This is just wrong, and I urge the Government to think again about this obvious gap. The tech giants should have a clear duty of care and liability to their users for any fraud that they facilitate.
Telecoms companies enable the scammers to bombard us with calls and texts. We probably all suffer this every day. They have no incentive to stop it—they are paid by the scammers for those calls and texts. Further, they continue to allow the spoofing of caller IDs. It is not only being scammed that is traumatic; the feeling of being constantly under attack causes a lot of anxiety. When will we see action to reduce this torrent of calls and texts? Can we not use the Telecommunications (Security) Bill to that effect? You could put out regulations under that to have a go at solving this problem.
The banks provide the means by which the scammers receive the stolen money. Some banks have made real efforts—in particular, the Confirmation of Payee process is a major step in the right direction—but fraudsters are still able to transfer the stolen money and only a relatively small proportion is reimbursed under the voluntary code. It is shocking that we are not told which banks are behaving worst in this respect. Why do we not publish those league tables?
It may be that the payments system itself aids fraudsters: instantaneous payments allow the money to be whisked away through multiple accounts and abroad, or into untraceable cryptocurrency, before the victim has even realised they are a victim, by which time it is too late to do anything about it. Have the Government considered slowing payments down, particularly when making a first payment to a new payee?
As the noble Lord, Lord Sharkey, mentioned, I understand that the Government are at last proposing to make reimbursement mandatory for authorised push payment frauds. However, I have said before that it would make more sense to make the receiving bank—the bank that has handled the stolen money for the fraudster —liable for repaying the money. That would give a real incentive to banks to stop their accounts being misused by fraudsters or their mules. On that latter point, I would be interested to hear from the Minister what the Government are proposing to do about those mules, who are often young people who themselves have been conned into laundering the stolen money.
Whatever we do, it is critical that any victim reimbursement process is clear and simple and has a single point of contact so that it does not add to the trauma that victims experience. The Financial Ombudsman Service has been ruling against banks in over 70% of appeals, which shows that the current system is simply not working. Banks try to push the blame back on the victim, which just adds to the trauma. My own view is that the victim should apply to, and be reimbursed by, their bank, which should recover automatically from the receiving bank, and it would be for the receiving bank to attempt to recover from the fraudster or those who have facilitated the fraud—the social media or telecoms company, or whoever. Section 75 of the Consumer Credit Act works broadly in a similar way. Could that not be a precedent?
Why are so few frauds investigated or prosecuted? Again, this adds to the trauma; it is traumatic if you do not feel that you are being taken seriously by the authorities. I suspect that the poor investigation and prosecution record is down to a combination of insufficient police resources, inadequate specialist training and a lack of appropriate technology. According to the Victims’ Commissioner, only about 2% of police resources is directed against fraud, despite—according to the Government’s own numbers—fraud being 42% of all crime against individuals. That is a huge disparity: 2% to 42%. Action Fraud would be better named “Inaction Fraud”—it is farcical. What plans do the Government have to make improvements in all those areas?
Fraud is also covered by a whole range of government departments: DCMS, the Home Office, the Treasury, DWP and the Foreign Office, among others. I wonder whether that fragmentation contributes to the problem. Would it not be helpful to have one Minister who was given full oversight to ensure that fraud is covered holistically, not just piecemeal?
Finally, I am delighted that yesterday the House approved my proposal for a committee of special inquiry into digital fraud. I record my thanks to the noble Lords, Lord Young of Cookham, Lord Stevenson of Balmacara and Lord Vaizey of Didcot, and the noble Baroness, Lady D’Souza, for their support in that process. I hope that the committee will be able to provide valuable insight into the problem and to make practical and achievable recommendations to assist the Government in solving this scourge, and I hope the Government will be receptive.